<html>
<body>
    <p>Inner iframe on a foreign domain.</p>
    <iframe id="aFrame" name="aFrame"></iframe>
    <script>
        var url = "data:text/html,<html>"
            + "<body>"
            +     "<p id='accessMe'>PASS: Cross frame access from a frame on a foreign domain denied!</p>"
            +     "<p>Inner-inner iframe. This iframe (which is data: URL and whose parent is on a foreign domain) is the frame that the"
            +     " main frame is trying to access.  It should not have access to it.</p>"
            + "</body>"
            + "</html>";

        var frame = document.getElementById('aFrame');
        frame.onload = function () { window.parent.postMessage('run test', '*'); };
        frame.src = url;
    </script>
</body>
</html>
